Gate PKCS#1/PKCS#8 support on encoding feature (#537)

Support for these formats has a number of dependencies required, and
isn't always necessary, e.g. the `ssh-key` crate implements an entirely
different encoding format for RSA keys.

Making support an optional feature avoids incurring these dependencies
when that's the case.

This commit also removes the `pem` feature and makes PEM support
on-by-default whenever `encoding` is enabled. This only adds the
`pem-rfc7468` dependency. Most users will probably want PEM support if
they have the `encoding` feature enabled.

Author: tarcieri

.github/workflows/workspace.yml

@@ -44,4 +44,4 @@ jobs:
       - uses: Swatinem/rust-cache@v2
       - env:
           RUSTDOCFLAGS: "-Dwarnings --cfg docsrs"
-        run: cargo doc --no-deps --features std,pem,serde,hazmat,sha2
+        run: cargo doc --no-deps --features std,serde,hazmat,sha2

Cargo.toml

@@ -13,21 +13,21 @@ readme = "README.md"
 rust-version = "1.85"
 
 [dependencies]
-rand_core = { version = "0.9.0", default-features = false }
 const-oid = { version = "0.10.0", default-features = false }
-subtle = { version = "2.6.1", default-features = false }
+crypto-bigint = { version = "0.7.0-pre.5", default-features = false, features = ["zeroize", "alloc"] }
+crypto-primes = { version = "0.7.0-pre.1", default-features = false }
 digest = { version = "0.11.0-rc.0", default-features = false, features = ["alloc", "oid"] }
-pkcs1 = { version = "0.8.0-rc.2", default-features = false, features = ["alloc", "pkcs8"] }
-pkcs8 = { version = "0.11.0-rc.4", default-features = false, features = ["alloc"] }
+rand_core = { version = "0.9.0", default-features = false }
 signature = { version = "3.0.0-rc.1", default-features = false, features = ["alloc", "digest", "rand_core"] }
-spki = { version = "0.8.0-rc.2", default-features = false, features = ["alloc"] }
+subtle = { version = "2.6.1", default-features = false }
 zeroize = { version = "1.5", features = ["alloc"] }
-crypto-bigint = { version = "0.7.0-pre.5", default-features = false, features = ["zeroize", "alloc"] }
-crypto-primes = { version = "0.7.0-pre.1", default-features = false }
 
 # optional dependencies
-sha1 = { version = "0.11.0-rc.0", optional = true, default-features = false, features = ["oid"] }
+pkcs1 = { version = "0.8.0-rc.2", optional = true, default-features = false, features = ["alloc", "pem", "pkcs8"] }
+pkcs8 = { version = "0.11.0-rc.4", optional = true, default-features = false, features = ["alloc", "pem"] }
 serdect = { version = "0.3.0", optional = true }
+sha1 = { version = "0.11.0-rc.0", optional = true, default-features = false, features = ["oid"] }
+spki = { version = "0.8.0-rc.2", optional = true, default-features = false, features = ["alloc"] }
 sha2 = { version = "0.11.0-rc.0", optional = true, default-features = false, features = ["oid"] }
 serde = { version = "1.0.184", optional = true, default-features = false, features = ["derive"] }
 
@@ -51,15 +51,14 @@ serde = { version = "1.0.184", features = ["derive"] }
 name = "key"
 
 [features]
-default = ["std", "pem"]
+default = ["std", "encoding"]
+encoding = ["dep:pkcs1", "dep:pkcs8", "dep:spki"]
 hazmat = []
 os_rng = ["rand_core/os_rng", "crypto-bigint/rand_core"]
-serde = ["dep:serde", "dep:serdect", "crypto-bigint/serde"]
-pem = ["pkcs1/pem", "pkcs8/pem"]
+serde = ["encoding", "dep:serde", "dep:serdect", "crypto-bigint/serde"]
 pkcs5 = ["pkcs8/encryption"]
 std = ["pkcs1/std", "pkcs8/std", "rand_core/std", "crypto-bigint/rand"]
 
-
 [package.metadata.docs.rs]
 features = ["std", "pem", "serde", "hazmat", "sha2"]
 rustdoc-args = ["--cfg", "docsrs"]

src/algorithms/pkcs1v15.rs

@@ -7,8 +7,8 @@
 //! [RFC8017 § 8.2]: https://datatracker.ietf.org/doc/html/rfc8017#section-8.2
 
 use alloc::vec::Vec;
+use const_oid::AssociatedOid;
 use digest::Digest;
-use pkcs8::AssociatedOid;
 use rand_core::TryCryptoRng;
 use subtle::{Choice, ConditionallySelectable, ConstantTimeEq};
 use zeroize::Zeroizing;

src/encoding.rs

@@ -3,6 +3,8 @@
 //! Note: PKCS#1 support is achieved through a blanket impl of the
 //! `pkcs1` crate's traits for types which impl the `pkcs8` crate's traits.
 
+#![cfg(feature = "encoding")]
+
 use crate::{
     traits::{PrivateKeyParts, PublicKeyParts},
     RsaPrivateKey, RsaPublicKey,
@@ -19,21 +21,19 @@ use zeroize::Zeroizing;
 pub const ID_RSASSA_PSS: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.113549.1.1.10");
 
 /// Verify that the `AlgorithmIdentifier` for a key is correct.
-pub(crate) fn verify_algorithm_id(
-    algorithm: &pkcs8::AlgorithmIdentifierRef,
-) -> pkcs8::spki::Result<()> {
+pub(crate) fn verify_algorithm_id(algorithm: &pkcs8::AlgorithmIdentifierRef) -> spki::Result<()> {
     match algorithm.oid {
         pkcs1::ALGORITHM_OID => {
             if algorithm.parameters_any()? != pkcs8::der::asn1::Null.into() {
-                return Err(pkcs8::spki::Error::KeyMalformed);
+                return Err(spki::Error::KeyMalformed);
             }
         }
         ID_RSASSA_PSS => {
             if algorithm.parameters.is_some() {
-                return Err(pkcs8::spki::Error::KeyMalformed);
+                return Err(spki::Error::KeyMalformed);
             }
         }
-        _ => return Err(pkcs8::spki::Error::OidUnknown { oid: algorithm.oid }),
+        _ => return Err(spki::Error::OidUnknown { oid: algorithm.oid }),
     };
 
     Ok(())
@@ -76,10 +76,10 @@ impl TryFrom<pkcs8::PrivateKeyInfoRef<'_>> for RsaPrivateKey {
 }
 
 impl TryFrom<pkcs8::SubjectPublicKeyInfoRef<'_>> for RsaPublicKey {
-    type Error = pkcs8::spki::Error;
+    type Error = spki::Error;
 
-    fn try_from(spki: pkcs8::SubjectPublicKeyInfoRef<'_>) -> pkcs8::spki::Result<Self> {
-        use pkcs8::spki::Error::KeyMalformed;
+    fn try_from(spki: pkcs8::SubjectPublicKeyInfoRef<'_>) -> spki::Result<Self> {
+        use spki::Error::KeyMalformed;
 
         verify_algorithm_id(&spki.algorithm)?;
 
@@ -156,7 +156,7 @@ impl EncodePrivateKey for RsaPrivateKey {
 }
 
 impl EncodePublicKey for RsaPublicKey {
-    fn to_public_key_der(&self) -> pkcs8::spki::Result<Document> {
+    fn to_public_key_der(&self) -> spki::Result<Document> {
         let modulus = self.n().to_be_bytes();
         let public_exponent = self.e().to_be_bytes();
 

src/errors.rs

@@ -50,9 +50,11 @@ pub enum Error {
     PublicExponentTooLarge,
 
     /// PKCS#1 error.
+    #[cfg(feature = "encoding")]
     Pkcs1(pkcs1::Error),
 
     /// PKCS#8 error.
+    #[cfg(feature = "encoding")]
     Pkcs8(pkcs8::Error),
 
     /// Internal error.
@@ -95,7 +97,9 @@ impl core::fmt::Display for Error {
             Error::ModulusTooLarge => write!(f, "modulus too large"),
             Error::PublicExponentTooSmall => write!(f, "public exponent too small"),
             Error::PublicExponentTooLarge => write!(f, "public exponent too large"),
+            #[cfg(feature = "encoding")]
             Error::Pkcs1(err) => write!(f, "{}", err),
+            #[cfg(feature = "encoding")]
             Error::Pkcs8(err) => write!(f, "{}", err),
             Error::Internal => write!(f, "internal error"),
             Error::LabelTooLong => write!(f, "label too long"),
@@ -107,12 +111,14 @@ impl core::fmt::Display for Error {
     }
 }
 
+#[cfg(feature = "encoding")]
 impl From<pkcs1::Error> for Error {
     fn from(err: pkcs1::Error) -> Error {
         Error::Pkcs1(err)
     }
 }
 
+#[cfg(feature = "encoding")]
 impl From<pkcs8::Error> for Error {
     fn from(err: pkcs8::Error) -> Error {
         Error::Pkcs8(err)

src/key.rs

@@ -703,9 +703,11 @@ mod tests {
     use crate::traits::{PrivateKeyParts, PublicKeyParts};
 
     use hex_literal::hex;
-    use pkcs8::DecodePrivateKey;
     use rand_chacha::{rand_core::SeedableRng, ChaCha8Rng};
 
+    #[cfg(feature = "encoding")]
+    use pkcs8::DecodePrivateKey;
+
     #[test]
     fn test_from_into() {
         let raw_n = BoxedUint::from(101u64);
@@ -1014,6 +1016,7 @@ mod tests {
     }
 
     #[test]
+    #[cfg(feature = "encoding")]
     fn build_key_from_primes() {
         const RSA_2048_PRIV_DER: &[u8] = include_bytes!("../tests/examples/pkcs8/rsa2048-priv.der");
         let ref_key = RsaPrivateKey::from_pkcs8_der(RSA_2048_PRIV_DER).unwrap();
@@ -1035,6 +1038,7 @@ mod tests {
     }
 
     #[test]
+    #[cfg(feature = "encoding")]
     fn build_key_from_p_q() {
         const RSA_2048_SP800_PRIV_DER: &[u8] =
             include_bytes!("../tests/examples/pkcs8/rsa2048-sp800-56b-priv.der");

src/lib.rs

@@ -145,7 +145,7 @@
 //!
 //! ```
 //! # fn main() -> Result<(), Box<dyn std::error::Error>> {
-//! # #[cfg(all(feature = "pem", feature = "std"))]
+//! # #[cfg(all(feature = "encoding", feature = "std"))]
 //! # {
 //! use rsa::{RsaPublicKey, pkcs1::DecodeRsaPublicKey};
 //!
@@ -189,7 +189,7 @@
 //!
 //! ```
 //! # fn main() -> Result<(), Box<dyn std::error::Error>> {
-//! # #[cfg(all(feature = "pem", feature = "std"))]
+//! # #[cfg(all(feature = "encoding", feature = "std"))]
 //! # {
 //! use rsa::{RsaPublicKey, pkcs8::DecodePublicKey};
 //!
@@ -238,7 +238,9 @@ mod dummy_rng;
 mod encoding;
 mod key;
 
+#[cfg(feature = "encoding")]
 pub use pkcs1;
+#[cfg(feature = "encoding")]
 pub use pkcs8;
 #[cfg(feature = "sha2")]
 pub use sha2;

src/pkcs1v15.rs

@@ -18,10 +18,10 @@ pub use self::{
 };
 
 use alloc::{boxed::Box, vec::Vec};
+use const_oid::AssociatedOid;
 use core::fmt::Debug;
 use crypto_bigint::BoxedUint;
 use digest::Digest;
-use pkcs8::AssociatedOid;
 use rand_core::TryCryptoRng;
 
 use crate::algorithms::pad::{uint_to_be_pad, uint_to_zeroizing_be_pad};

src/pkcs1v15/signature.rs

@@ -7,6 +7,7 @@ use signature::SignatureEncoding;
 
 #[cfg(feature = "serde")]
 use serdect::serde::{de, Deserialize, Serialize};
+#[cfg(feature = "encoding")]
 use spki::{
     der::{asn1::BitString, Result as DerResult},
     SignatureBitStringEncoding,
@@ -24,6 +25,7 @@ impl SignatureEncoding for Signature {
     type Repr = Box<[u8]>;
 }
 
+#[cfg(feature = "encoding")]
 impl SignatureBitStringEncoding for Signature {
     fn to_bitstring(&self) -> DerResult<BitString> {
         BitString::new(0, self.to_vec())

src/pkcs1v15/signing_key.rs

@@ -1,28 +1,31 @@
-use super::{oid, pkcs1v15_generate_prefix, sign, Signature, VerifyingKey};
+use super::{pkcs1v15_generate_prefix, sign, Signature, VerifyingKey};
 use crate::{dummy_rng::DummyRng, Result, RsaPrivateKey};
 use alloc::vec::Vec;
+use const_oid::AssociatedOid;
 use core::marker::PhantomData;
 use digest::Digest;
-use pkcs8::{
+use rand_core::{CryptoRng, TryCryptoRng};
+use signature::{
+    hazmat::PrehashSigner, DigestSigner, Keypair, MultipartSigner, RandomizedDigestSigner,
+    RandomizedMultipartSigner, RandomizedSigner, Signer,
+};
+use zeroize::ZeroizeOnDrop;
+
+#[cfg(feature = "encoding")]
+use {
+    super::oid,
+    pkcs8::{EncodePrivateKey, SecretDocument},
     spki::{
         der::AnyRef, AlgorithmIdentifierRef, AssociatedAlgorithmIdentifier,
         SignatureAlgorithmIdentifier,
     },
-    AssociatedOid, EncodePrivateKey, SecretDocument,
 };
-use rand_core::{CryptoRng, TryCryptoRng};
 #[cfg(feature = "serde")]
 use {
     pkcs8::DecodePrivateKey,
     serdect::serde::{de, ser, Deserialize, Serialize},
 };
 
-use signature::{
-    hazmat::PrehashSigner, DigestSigner, Keypair, MultipartSigner, RandomizedDigestSigner,
-    RandomizedMultipartSigner, RandomizedSigner, Signer,
-};
-use zeroize::ZeroizeOnDrop;
-
 /// Signing key for `RSASSA-PKCS1-v1_5` signatures as described in [RFC8017 § 8.2].
 ///
 /// [RFC8017 § 8.2]: https://datatracker.ietf.org/doc/html/rfc8017#section-8.2
@@ -192,6 +195,7 @@ where
     }
 }
 
+#[cfg(feature = "encoding")]
 impl<D> AssociatedAlgorithmIdentifier for SigningKey<D>
 where
     D: Digest,
@@ -201,6 +205,7 @@ where
     const ALGORITHM_IDENTIFIER: AlgorithmIdentifierRef<'static> = pkcs1::ALGORITHM_ID;
 }
 
+#[cfg(feature = "encoding")]
 impl<D> EncodePrivateKey for SigningKey<D>
 where
     D: Digest,
@@ -243,6 +248,7 @@ where
     }
 }
 
+#[cfg(feature = "encoding")]
 impl<D> SignatureAlgorithmIdentifier for SigningKey<D>
 where
     D: Digest + oid::RsaSignatureAssociatedOid,
@@ -256,6 +262,7 @@ where
         };
 }
 
+#[cfg(feature = "encoding")]
 impl<D> TryFrom<pkcs8::PrivateKeyInfoRef<'_>> for SigningKey<D>
 where
     D: Digest + AssociatedOid,